Transcript
This transcript was autogenerated. To make changes, submit a PR.
Hello, everyone.
Welcome to the Conf42 Python 2025 conference.
I am Sandeep Bachu and I bring over a decade of experience in building and
securing cloud and hybrid platforms.
Today, I will be discussing securing cloud infrastructure in an
era of rapid digital transformation.
Let's talk about the growing importance of cloud security.
As cloud adoption has revolutionized business, it has also
introduced a broader attack surface.
What kind of challenges do we see?
Increasing attack sophistication and a lack of traditional perimeter controls.
If we are talking about the statistics, 94 percent of enterprises rely on cloud
services, but the average enterprise faces thousands of cyberattacks daily.
And also, by 2025, 75 percent of enterprise-generated data will be created
and processed in cloud environments, making them prime targets for the attackers.
How we can resolve this issue is by looking at the Zero Trust
architecture. Why Zero Trust?
The traditional security models assume that once users are inside the network
perimeter, they are trustworthy.
But Zero Trust challenges this by assuming no user or device is trusted by default.
And the core principles it follows is continuous user verification.
It also goes by leveraging the least privileged access, where users get
access only to what exactly they need.
It could be the applications as well.
And also the micro segmentation to limit the lateral movement within the network.
And now, coming to identity and access management, how we can leverage this.
There are certain IAM features, which are nothing but leveraging
role-based access control, RBAC, where we assign roles based on responsibilities
and ensure employees or applications access only relevant resources.
And also we can leverage adaptive authentication, which
dynamically assesses the risk factors like the device
location and also the behavior.
We can also leverage policy enforcement, which is nothing but
enforcing the access restrictions
for compliance purposes, and also leveraging multi-factor
authentication, which reduces unauthorized access because it
requires multiple verification methods like passwords, biometrics and OTPs.
Now, how we can leverage AI and ML and threat detection in securing our
cloud infrastructure applications.
So the challenge is that the traditional methods are slow and also prone to errors.
As we scale, it becomes more and more complex, which results
in large scale breaches.
If we leverage AI or machine learning capabilities, we can
leverage behavior analytics,
where we learn about the typical user or application patterns to detect anomalies.
And also we can leverage threat intelligence, where machine
learning models analyze millions of attack patterns for predictive detection.
And also we can leverage some of the emerging technologies in cloud security.
We can also look at
quantum-resistant encryption and blockchain. Quantum-resistant
encryption addresses the future vulnerabilities where quantum computers
could break current encryption.
So preparing the organization for long-term security needs helps
in the transition once quantum-resistant encryption grows along.
So now, if we are talking about blockchain in security, we
need to ensure data integrity with immutable audit trails.
So if there are any audit trails which are tampered with, that can easily
be detected, because that's what the blockchain helps us with. It ensures the
audit trails are immutable, unlike the traditional approach where you have the
ability to alter the audit trails.
Now we can also use decentralized verification, which reduces the
risk of a single point of failure.
And also most of the companies are exploring and implementing
blockchain for cybersecurity reasons.
And also, we can leverage micro-segmentation, which helps
in reducing the attack surface.
Micro-segmentation is more like isolation, isolating or dividing the
network into isolated segments, where each has its own security controls.
The benefit is that it limits the damage of the attackers, what they
can do if they breach one segment.
It reduces the overall attack surface.
And also, the implementation can be done by leveraging software-defined
network policies, which can adjust the security rules, and also we can
leverage VLAN controls as well,
which help in this micro-segmentation.
Now, coming to the serverless security models, how we
can embrace the serverless security models for faster incident response.
Why serverless?
This is one of the most asked questions, I would say.
Because serverless platforms are like an abstract
infrastructure management, which enables built-in scalability and streamlines
security monitoring. So it has an advantage in speed, where
incident response times can be reduced by 65 percent due to the
automation that we can integrate into the serverless security models.
And also, it's cost efficient because all these applications
don't need to run on physical servers, and also the scalability.
So these applications dynamically adjust to the workloads while
maintaining the security.
And also, we can leverage continuous compliance automation,
where we would like to streamline our compliance with automation.
It eliminates the challenges that we see today with manual compliance, where we
have to perform time-intensive audits, and also the increased chances of human
errors when doing the manual efforts.
So if we can build the automation, then we would see a
lot of benefits, like an 80 percent rate reduction in audit preparation times,
and also the organizations save a huge amount annually in compliance costs.
It also helps with
continuous monitoring, so we can ensure regulations like GDPR, CCPA,
HIPAA, and all are consistently met for the organizations.
And, while we discuss different models for this, whether it is the cloud
application or the user, how we can secure them: as
enterprises increasingly rely on cloud environments to store, process and manage
all this critical data, traditional security can no longer keep up with the
speed, with the pace, at which these evolving threats are happening. The modern security
strategies offer a proactive approach which helps in safeguarding all
these sensitive assets and mitigating the risk, also by adopting one of the core zero
trust principles, where organizations can shift from all these outdated
perimeter-based models to a dynamic approach, which goes by "trust nothing" and also
enforces all this rigorous access control and also continuous monitoring.
And also, since we spoke about IAM and MFA, if we are integrating
some of these advanced identity access management and multi-factor
authentication solutions, this ensures that unauthorized access is nearly
eliminated, and also it helps in reducing the vulnerabilities that account for
a significant portion of all these breaches.
We can also leverage some of the AI and machine learning threat detections
that we have discussed, which help with the speed and accuracy of identifying all
these various malicious activities,
and also give organizations the tools to stay ahead of the attackers.
And furthermore, when we discuss quantum-resistant encryption
and blockchain technologies, we are paving the way for future-proof security,
while some serverless models help with reducing the attack surface and
also improve the response times.
Thank you all for attending this presentation.